The malicious actors behind the IcedID banking trojan have branched out and are now using the malware to steal payment card credentials from online retailers and may have even become malware-as-a-service dealers.

The e-tailer attacks began in November 2018. Instead of grabbing customer banking information, IcedID is used to grab credentials and payment card data from victims, said Limor Kessem, Global Executive Security Advisor, IBM Security. These are then used to make purchases at the target retailer in the user’s name with their payment cards, and since the threat actors have all the necessary information, they can make purchases at other locations.

This new usage model was found by IBM Security during its ongoing analysis of IcedID, which first came to light in September 2017. IcedID’s initial delivery method is still believed to be malspam and the Emotet trojan.
